Web browsers have evolved from discrete applications to integral portions of an operating system (OS) and even to independent platforms with characteristics of an OS. Conventional operating systems interact with many different users each with different privileges such as guests or administrators. Operating systems frequently fulfill the role of enforcing security policies, managing competing resource demands, and allocating access to computing resources. The evolution of web browsers has lead to web browsers being called on to function as an OS. Web browsers functioning as OSes will need to fulfill similar roles as conventional OSes.
In the web context the principals (analogous to users) with which browser-based OSes interact are web sites. Allocation of resources, security policy, and similar considerations are analyzed based on the web site accessed by the browser. Web browsers that do not function as a principal operating system based-browser may handle each principal piecemeal without a standardized resource sharing, security, or similar policies. For example, a trusted intranet web site may have privileges analogous to that of a user with administrator privileges whereas an unverified web site may be given only limited privileges similar to a guest user. One of the privileges which may be managed is access to computing resources such as memory, network bandwidth, or peripheral devices.
Currently resource management is handled by conventional operating systems in a number of different ways. Unix-based OSes use file system-based access control. Individual physical devices are mapped to files and the permissions are set accordingly. Drivers, as well as higher-level software that directly accesses devices, directly manipulate access control defaults for each physical device. WINDOWS®-based OSes use access tokens to describe the privileges of a user account, and use security descriptors to describe the access control list for a securable object. A securable object may be a named WINDOWS® object, such as files and physical devices, or an unnamed object, such as process or thread objects. These ways of handling resource management may be deficient if, for example, resource management of the operating system is bypassed by a web site directly accessing resources via the browser application.
Resource management in existing web browsers is largely non-existent. Web browsers do not manage computing resources such as CPU, memory, and network connectivity, and web browsers allow a plug-in to bypass any security measures implemented by the web browser and directly access the underlying OS. This design has problems such as leading to multiple and potentially conflicting security policies as well as limiting the ability of browsers to present the types of rich and robust content available to applications running directly on a conventional, commodity OS. Therefore, web browser applications, including web browsers that may function as OSes, lack useful resource management capabilities.